Search results for botnet | Breaking Cybersecurity News | The Hacker News

The U.S. government on Tuesday announced the takedown of the IPStorm botnet proxy network and its infrastructure, as the Russian and Moldovan national behind the operation pleaded guilty. "The botnet infrastructure had infected Windows systems then further expanded to infect Linux, Mac, and Android devices, victimizing computers and other electronic devices around the world, including in Asia, Europe, North America and South America," the Department of Justice (DoJ)  said  in a press statement. Sergei Makinin, who developed and deployed the malicious software to infiltrate thousands of internet-connected devices from June 2019 through December 2022, faces a maximum of 30 years in prison. The Golang-based botnet malware, prior to its dismantling,  turned the infected devices into proxies  as part of a for-profit scheme, which was then offered to other customers via proxx[.]io and proxx[.]net. "IPStorm is a botnet that abuses a legitimate peer-to-peer (p2p) network c

Days after the US Government took steps to disrupt the notorious TrickBot botnet , a group of cybersecurity and tech companies has detailed a separate coordinated effort to take down the malware's back-end infrastructure. The joint collaboration, which involved Microsoft's Digital Crimes Unit , Lumen's Black Lotus Labs , ESET , Financial Services Information Sharing and Analysis Center ( FS-ISAC ), NTT , and Broadcom's Symantec , was undertaken after their request to halt TrickBot's operations was granted by the US District Court for the Eastern District of Virginia. The development comes after the US Cyber Command mounted a campaign to thwart TrickBot's spread over concerns of ransomware attacks targeting voting systems ahead of the presidential elections next month. Attempts aimed at impeding the botnet were first reported by KrebsOnSecurity early this month. Microsoft and its partners analyzed over 186,000 TrickBot samples, using it to track down the m

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

An updated version of a botnet malware called  Prometei  has infected more than 10,000 systems worldwide since November 2022. The infections are both geographically indiscriminate and opportunistic, with a majority of the victims reported in Brazil, Indonesia, and Turkey. Prometei, first observed in 2016, is a modular botnet that features a large repertoire of components and several proliferation methods, some of which also include the  exploitation  of ProxyLogon Microsoft Exchange Server flaws. It's also notable for avoiding striking Russia, suggesting that the threat actors behind the operation are likely based in the country. The cross-platform botnet's motivations are financial, primarily leveraging its pool of infected hosts to mine cryptocurrency and harvest credentials. The latest variant of Prometei (called v3) improves upon its existing features to challenge forensic analysis and further burrow its access on victim machines, Cisco Talos  said  in a report share

While tracking botnet activity on their honeypot traffic, security researchers at Chinese IT security firm Qihoo 360 Netlab discovered a new variant of Mirai —the well known IoT botnet malware that wreaked havoc last year. Last week, researchers noticed an increase in traffic scanning ports 2323 and 23 from hundreds of thousands of unique IP addresses from Argentina in less than a day. The targeted port scans are actively looking for vulnerable internet-connected devices manufactured by ZyXEL Communications using two default telnet credential combinations— admin/CentryL1nk and admin/QwestM0dem —to gain root privileges on the targeted devices. Researchers believe (instead "quite confident") this ongoing campaign is part of a new Mirai variant that has been upgraded to exploit a newly released vulnerability (identified as CVE-2016-10401 ) in ZyXEL PK5001Z modems. "ZyXEL PK5001Z devices have zyad5001 as the su (superuser) password, which makes it easier for rem

THOR : Another P2P Botnet in development with extra stealth features The research community is now focusing on the integration of peer-to-peer (P2P) concepts as incremental improvements to distributed malicious software networks (now generically referred to as botnets). Because "botnets" can be used for illicit financial gain,they have become quite popular in recent Internet attacks. A " botnet " is a network of computers that are compromised and controlled by an attacker. Each computer is infected witha malicious program called a "bot", which actively communicates with other bots in the botnet or with several "botcontrollers" to receive commands from the botnet owner. Attackers maintain complete control of their botnets, andcan conduct Distributed Denial-of-Service (DDoS) attacks,email spamming, keylogging, abusing online advertisements, spreading new malware, etc. However, the first botnets that use peer-to-peer (P2P) networks for remote control of the compromised machines appeare

In a coordinated International cyber operation, Europol with the help of international law enforcement agencies has taken down what it called "one of the longest-running malware families in existence" known as Andromeda. Andromeda , also known as Win32/Gamarue, is an infamous HTTP-based modular botnet that has been around for several years now, and infecting computers with it's malicious intentions ever since. The primary goal of Andromeda bot is to distribute other malware families for mass global malware attacks. The botnet has been associated with at least 80 malware families, and in the last six months, it was detected (or blocked) on an average of more than 1 million machines per month. Last year, law enforcement agencies took down the criminal infrastructure of the infamous Avalanche botnet in a similar massive international cyber operation. Avalanche botnet was used as a delivery platform to spread other malware families, including Andromeda. While in

The Russian man who was accused of operating the infamous Kelihos botnet has finally pleaded guilty in a U.S. federal court. Peter Yuryevich Levashov , 38, of St. Petersburg, Russia, pleaded guilty on Wednesday in U.S. federal court in Connecticut to computer crime, wire fraud, conspiracy and identity theft charges. Levashov, also known by many online aliases including Peter Severa, Petr Levashov, Petr Severa and Sergey Astakhov, has admitted of operating several botnets, including the Storm, Waledac and Kelihos botnets, since the late 1990s until he was arrested in April 2017 . Kelihos botnet, dated back to 2010, was a global network of tens of thousands of infected computers that were used to steal login credentials, send bulk spam emails, and infect computers with ransomware and other malware. Russian Hacker Infects 50,000 Computers With Kelihos Botnet Storm and Waledac botnets also shared Kelihos code, but kelihos was the most notorious botnet of all that alone infect

An ongoing analysis into an up-and-coming cryptocurrency mining botnet known as KmsdBot has led to it being accidentally taken down by the threat actors themselves. KmsdBot, as christened by the Akamai Security Intelligence Response Team (SIRT), came to light mid-November 2022 for its ability to  brute-force systems  with weak SSH credentials. The botnet strikes both Windows and Linux devices spanning a wide range of microarchitectures with the primary goal of deploying mining software and corralling the compromised hosts into a DDoS bot. Some of the major targets included gaming firms, technology companies, and luxury car manufacturers. Akamai researcher Larry W. Cashdollar, in a new update, explained how commands sent by the malware operators to carry out a DDoS attack against the bitcoin[.]com website inadvertently neutralized the malware. "Interestingly, after one single improperly formatted command, the bot stopped sending commands," Cashdollar  said . "It&#

A threat group that pursues crypto mining and distributed denial-of-service (DDoS) attacks has been linked to a new botnet called Enemybot, which has been discovered enslaving routers and Internet of Things (IoT) devices since last month. "This botnet is mainly derived from  Gafgyt 's source code but has been observed to borrow several modules from  Mirai 's original source code," Fortinet FortiGuard Labs  said  in a report this week. The botnet has been attributed to an actor named Keksec (aka  Kek Security , Necro, and  FreakOut ), which has been linked to multiple botnets such as  Simps ,  Ryuk  (not to be confused with the ransomware of the same name), and  Samael , and has a history of targeting cloud infrastructure to carry out crypto mining and DDoS operations. Primarily targeting routers from Seowon Intech, D-Link, and iRZ to propagate its infections and grow in volume, an analysis of the malware specimen has highlighted Enemybot's obfuscation attemp

The U.S. government on Thursday said it disrupted a botnet comprising hundreds of small office and home office (SOHO) routers in the country that was put to use by the Russia-linked APT28 actor to conceal its malicious activities. "These crimes included vast spear-phishing and similar credential harvesting campaigns against targets of intelligence interest to the Russian government, such as U.S. and foreign governments and military, security, and corporate organizations," the U.S. Department of Justice (DoJ)  said  in a statement. APT28 , also tracked under the monikers BlueDelta, Fancy Bear, Fighting Ursa, Forest Blizzard (formerly Strontium), FROZENLAKE, Iron Twilight, Pawn Storm, Sednit, Sofacy, and TA422, is  assessed  to be linked to Unit 26165 of Russia's Main Directorate of the General Staff (GRU). It's known to be active since at least 2007. Court documents allege that the attackers pulled off their cyber espionage campaigns by relying on  MooBot , a Mirai

One of the most dangerous and infamous threats is back again. In January 2021, global officials took down the botnet. Law enforcement sent a destructive update to the Emotet's executables. And it looked like the end of the trojan's story.  But the malware never ceased to surprise.  November 2021, it was reported that TrickBot no longer works alone and delivers Emotet. And ANY.RUN with colleagues in the industry were among the first to notice the emergence of Emotet's malicious documents. First Emotet malicious documents And this February, we can see a very active wave with crooks running numerous attacks, hitting the top in the rankings. If you are interested in this topic or researching malware, you can make use of the special help of  ANY.RUN , the interactive sandbox for the detection and analysis of cyber threats. Let's look at the new version's changes that this disruptive malware brought this time.  Emotet history Emotet is a sophisticated, constantly

Researchers from Qihoo 360's Netlab security team have released details of a new evolving botnet called " Abcbot " that has been observed in the wild with worm-like propagation features to infect Linux systems and launch distributed denial-of-service (DDoS) attacks against targets. While the earliest version of the botnet dates back to July 2021, new variants observed as recently as October 30 have been equipped with additional updates to strike Linux web servers with weak passwords and are susceptible to N-day vulnerabilities, including a custom implementation of DDoS functionality, indicating that the malware is under continuous development. Netlab's findings also build on a report from Trend Micro early last month, which  publicized  attacks targeting Huawei Cloud with cryptocurrency-mining and cryptojacking malware. The intrusions were also notable for the fact that the malicious shell scripts specifically disabled a process designed to monitor and scan the ser

A new variant of the notorious Mirai botnet has been found leveraging several security vulnerabilities to propagate itself to Linux and IoT devices. Observed during the second half of 2022, the new version has been dubbed  V3G4  by Palo Alto Networks Unit 42, which identified three different campaigns likely conducted by the same threat actor. "Once the vulnerable devices are compromised, they will be fully controlled by attackers and become a part of the botnet," Unit 42 researchers  said . "The threat actor has the capability to utilize those devices to conduct further attacks, such as distributed denial-of-service (DDoS) attacks." The attacks primarily single out exposed servers and networking devices running Linux, with the adversary weaponizing as many as 13 flaws that could lead to remote code execution (RCE). Some of the notable flaws relate to critical flaws in Atlassian Confluence Server and Data Center, DrayTek Vigor routers, Airspan AirSpot, and Geu

Kelihos Botnet with 110,000 PCs take down finally Botnets are particularly insidious, using thousands of virus-infected computers which their owners are unaware are being used for sending out spam, launching denial-of-service attacks and stealing data.But taking down a botnet poses challenges. The main problem is that legitimate security companies can't use the same type of weapons as criminals. A group of malware experts from security companies Kaspersky Lab, CrowdStrike, Dell SecureWorks and the Honeynet Project, have worked together to disable the second version of the Kelihos botnet, which is significantly bigger than the one shut down by Microsoft and its partners. Kelihos is used to send spam, carry out DDoS attacks, and steal online currency such as bitcoin wallets. It operates as a so-called "peer-to-peer" bot network, which are more difficult to take down than those with a centralized command and control servers (C&C), according to Tillmann Werner, a senior

A newly discovered zombie network that exclusively targets Apple computers running Mac OS X across the globe has compromised roughly 17,000 machines so far, giving hackers backdoor access to infected computers, researchers at Russian antivirus firm Dr.Web warned. According to a survey of traffic conducted in September by researchers at Dr. Web, over 17,000 Macs globally are part of the Mac.BackDoor.iWorm botnet , which creates a backdoor on machines running OS X. Researchers say almost a quarter of iWorm botnet are located in the US. The most interesting thing to notice about this botnet is that it uses a special method of spreading via a search service of Reddit posts to a Minecraft server list subreddit to collect the IP addresses for its command and control (CnC) network. The user who had posted that subreddit data has now been shut down though the malware creators are likely to form another server list. " It is worth mentioning that in order to acquire a control server add

As many as 196 hosts have been infected as part of an aggressive cloud campaign mounted by the TeamTNT group called  Silentbob . "The botnet run by TeamTNT has set its sights on Docker and Kubernetes environments, Redis servers, Postgres databases, Hadoop clusters, Tomcat and Nginx servers, Weave Scope, SSH, and Jupyter applications," Aqua security researchers Ofek Itach and Assaf Morag  said  in a report shared with The Hacker News. "The focus this time seems to be more on infecting systems and testing the botnet, rather than deploying cryptominers for profit." The development arrives a week after the cloud security company  detailed  an intrusion set linked to the TeamTNT group that targets exposed JupyterLab and Docker APIs to deploy the Tsunami malware and hijack system resources to run a cryptocurrency miner. The latest findings suggest a broader campaign and the use of a larger attack infrastructure than previously thought, including various shell script

The U.S. Department of Justice (DoJ) on Thursday disclosed that it took down the infrastructure associated with a Russian botnet known as RSOCKS in collaboration with law enforcement partners in Germany, the Netherlands, and the U.K. The botnet, operated by a sophisticated cybercrime organization, is believed to have ensnared millions of internet-connected devices, including Internet of Things (IoT) devices, Android phones, and computers for use as a proxy service. Botnets, a constantly evolving threat, are networks of hijacked computer devices that are under the control of a single attacking party and are used to facilitate a variety of large-scale cyber intrusions such as distributed denial-of-service (DDoS) attacks, email spam, and cryptojacking. "The RSOCKS botnet offered its clients access to IP addresses assigned to devices that had been hacked," the DoJ  said  in a press release. "The owners of these devices did not give the RSOCKS operator(s) authority to ac

The United States Department of Justice yesterday sentenced a 22-year-old Washington-based hacker to 13 months in federal prison for his role in creating botnet malware, infecting a large number of systems with it, and then abusing those systems to carry out large scale distributed denial-of-service (DDoS) attacks against various online service and targets. According to court documents, Kenneth Currin Schuchman , a resident of Vancouver, and his criminal associates–Aaron Sterritt and Logan Shwydiuk–created multiple DDoS botnet malware since at least August 2017 and used them to enslave hundreds of thousands of home routers and other Internet-connected devices worldwide. Dubbed Satori, Okiru, Masuta, and Tsunami or Fbot, all these botnets were the successors of the infamous IoT malware Mirai , as they were created mainly using the source code of Mirai, with some additional features added to make them more sophisticated and effective against evolving targets. Even after the orig